🐞 Bug Summary

When registering an authless MCP server (no authentication needed), the API returns:

String should match pattern '^[a-zA-Z_][a-zA-Z0-9_\-]*$'

This validation error comes from the auth_query_param_key field in GatewayCreate and GatewayUpdate schemas.

🧩 Affected Component

Select the area of the project impacted:

• mcpgateway - API
• mcpgateway - UI (admin panel)
• mcpgateway.wrapper - stdio wrapper
• Federation or Transports
• CLI, Makefiles, or shell scripts
• Container setup (Docker/Podman/Compose)
• Other (explain below)

🔁 Steps to Reproduce

#### UI Reproduction Steps

1. Access the admin UI
2. Navigate to the Gateways tab
3. Fill the MCP form with a valid MCP server, with authentication type=none and no CA certificate
4. Submit the form
5. Verify the form validation errors

#### API Reproduction Steps

1. Generate a valid JWT token for authentication:
   export TOKEN=$(python -m mcpgateway.utils.create_jwt_token --username admin@example.com --exp 10080 --secret your-secret-key)

2. Attempt to register an authless MCP server via POST /gateways:

curl -X POST http://localhost:4444/gateways \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $TOKEN" \
 -d '{
   "name": "test-authless-server",
   "url": "http://localhost:9000",
   "auth_type": "none"
 }'

3. Observe the validation error response:
   {"detail":[{"type":"value_error","loc":["body","auth_value"],"msg":"Value error, Invalid 'auth_type'. Must be one of: basic, bearer, oauth, authheaders, or query_param.","input":null,"ctx":{"error":{}}}]}%

4. Confirm the same error occurs with explicit null:

# With explicit null
curl -X POST http://localhost:8000/gateways \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "name": "test-authless-server",
    "url": "http://localhost:9000",
    "auth_type": "none",
    "auth_query_param_key": null
  }'

5. Observe the validation error response:

{"detail":[{"type":"value_error","loc":["body","auth_value"],"msg":"Value error, Invalid 'auth_type'. Must be one of: basic, bearer, oauth, authheaders, or query_param.","input":null,"ctx":{"error":{}}}]}%

6. Confirm the validation error occurs with an empty string:

# With empty string
curl -X POST http://localhost:8000/gateways \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "name": "test-authless-server",
    "url": "http://localhost:9000",
    "auth_type": "none",
    "auth_query_param_key": ""
  }'

7. Observe the validation error response:

{"detail":[{"type":"string_pattern_mismatch","loc":["body","auth_query_param_key"],"msg":"String should match pattern '^[a-zA-Z_][a-zA-Z0-9_\\-]*$'","input":"","ctx":{"pattern":"^[a-zA-Z_][a-zA-Z0-9_\\-]*$"}},{"type":"value_error","loc":["body","auth_value"],"msg":"Value error, Invalid 'auth_type'. Must be one of: basic, bearer, oauth, authheaders, or query_param.","input":null,"ctx":{"error":{}}}]}%

🤔 Expected Behavior

The MCP server should be registered successfully.